[0:00]Can a merchant ship be used as a weapon? For decades, maritime safety was only about weather and accidents. But after 9/11, the focus shifted to a darker reality: deliberate, external threats. Today, the ISPS code stands between normal operations and a total security breach. Is it just a paper shield or the final line of defense?
[0:35]It was introduced at the moment when it became clear that a ship is more than just technology. It is not only the hull, engines and navigation. It is a place where people live and work and a place that can become a target of deliberate actions. This is where the meaning of the ISPS code begins. For a long time, safety at sea was associated mainly with weather and accidents, fires, flooding, equipment failures. This is what crews were prepared for, but almost no one considered that danger could come from outside and that it could be intentional. Ports were open, access to the ship was a formality, control was minimal. But the world changed, and with it, the approach to security changed. The ISPS code became a response to that change. It is not about fear, and it is not about turning a ship into a fortress. It is about awareness, about making sure that everyone on board understands who is around them, why that person is there, and which actions are normal and which are not. Security stops being an abstract idea. It becomes part of everyday work on board. In real life, the ISPS code is often almost invisible. A watch at the gangway, document checks, restricted areas, attention to small details that used to be ignored. It does not look heroic, but it is exactly these small things that protect the ship. The ISPS code does not require constant strictness. It is based on flexibility. Security measures change depending on the situation and the level of threat. It is also important to understand that this code applies to both the ship and the port. Security works only when both sides act together. But in reality, most of the responsibility lies with the crew. Seafarers are the first to face situations where it is not enough to simply follow instructions, but to make a decision. Before the beginning of the 21st century, maritime security was mainly focused on local threats. Piracy, smuggling, unauthorized access. Ports and ships operated with minimal and often purely formal security control. This era ended on September 11, 2001. The tragedy showed that civilian transport could be used as a weapon, and the maritime industry was no exception. The global community realized how vulnerable maritime trade really was, and that security could no longer be optional. The International Maritime Organization, IMO, reacted unusually fast. In December 2002, at a diplomatic conference, a new mandatory chapter was adopted. Chapter XI-2 of the SOLAS Convention. At the same time, the International Ship and Port Facility Security Code was adopted: the ISPS Code. The code entered into force on the 1st of July 2004, and this point is critical: the ISPS code is not a recommendation. It is a legal requirement. Failure to comply with the ISPS code is treated as a violation of SOLAS. In practice, this may result in the detention of a ship by port state control. To understand how the ISPS code works, we need to look at its structure. The ISPS code is a two-part system. Part A contains mandatory requirements. These provisions are not optional; they must be implemented. Part B provides guidance. It explains how the requirements of Part A can be applied in practice. Different ships, different ports, different risks, but the same mandatory framework. However, the effectiveness of the ISPS code does not depend on documents alone, it depends on people. In practice, the entire system is built around three key roles: the ship security officer, the company security officer, and the port facility security officer. The ship security officer is the person on the front line. On board the ship, the ship security officer is responsible for day-to-day security. He operates in accordance with the ship security plan. The ship security officer controls access to the ship, monitors restricted areas, supervises security patrols, and ensures that security procedures are actually followed. The ship security officer also maintains the ship security log. This is not a formality. Every security check, every drill, every unusual or suspicious event, all of it must be recorded, because the security log is a legal record of compliance. The company security officer is based ashore, but the role is strategic. The company security officer is responsible for the overall security policy of the company. This includes developing and maintaining the ship security plan, conducting audits, reviewing security procedures, and updating them when threats change. The company security officer must be available at all times. Security levels can change quickly, and the ship must be able to contact the company without delay. The port facility security officer represents the port facility. When a ship is alongside, the ship and the port temporarily form a single security perimeter. The port facility security officer is responsible for implementing the port facility security plan. If the security levels of the ship and the port are not the same, or if the port is considered a higher risk area, a declaration of security may be required. This document is not a formality. It clearly defines who is responsible for which security measures, who controls access, and who monitors cargo operations, and how both sides will respond to a security incident. This coordination between ship and shore is a core principle of the ISPS code. The ISPS code does not require permanent maximum security. It requires an appropriate response to the level of threat. For this reason, the code defines three security levels. Each level requires specific measures in key areas. Security Level 1 is the normal operating level. At this level, minimum appropriate security measures must be maintained at all times. This does not mean relaxed security; it means consistent prevention. Access to the ship must be controlled. Every person boarding the ship must have a legitimate reason, identification must be verified. The ship's perimeter in the surrounding water area must be monitored. Random security checks are carried out, not to check everyone, but to remain unpredictable. This unpredictability is itself a security measure. Security Level 2 is a heightened level. It is applied when there is an increased risk of a security incident. At this level, additional protective measures are implemented. Security patrols become more frequent. Patrol routes are varied and unpredictable. The level of screening is increased. Access to critical areas is further restricted. Additional monitoring equipment may be activated if required. Security Level 3 is an exceptional level. It is applied when a security incident is probable or has already occurred. At this level, only security-related activities are carried out. All non-essential operations are suspended. Access to the ship is strictly limited. Only authorized personnel and emergency responders are permitted. The crew follows the procedures defined in the ship security plan. The objective is to protect life, limit damage, and support the response of the authorities. Ship security begins long before anyone boards the vessel. It begins with assessment. Under the ISPS code, this is known as the ship security assessment. The purpose of the ship security assessment is to identify physical, technical and procedural vulnerabilities. The assessment covers the entire ship, including navigation spaces, communication systems, access points, and critical equipment. The results of the ship security assessment form the basis for the ship security plan. The ship security plan is a confidential operational document. It defines how security is implemented on board the ship. The plan includes security equipment and its location, the responsibilities of each crew member, and specific actions for each security level. The ship security plan also includes procedures for responding to security incidents. This includes the activation of the ship security alert system. The ship security alert system is not a stand-alone, it allows the ship to silently notify the authorities of a security threat without alerting unauthorized persons on board. Security is not limited to people and access. Cargo and ship's stores must also be protected. The ISPS code requires measures to ensure the integrity of cargo units. This includes sealing procedures. Security procedures must be tested regularly. Training and drills are essential. Shipboard security training must be conducted at regular intervals. Drills are normally carried out at least once every three months. Security exercises involving the company or the port facility are conducted at least once per year. The final element of the system is certification. Compliance with the ISPS code is confirmed by the International Ship Security Certificate. The certificate is issued for a period of five years, and an intermediate verification is required during the validity period. Port state control will focus on the validity of the certificate and on the accuracy of the ship security records. The ISPS code is not a single procedure and not a one-time requirement. It is a system. A system built to identify risks, reduce vulnerabilities, and respond to security threats. Its effectiveness does not depend only on documents; it depends on people, on awareness, on discipline, and on consistent application of security measures. The code establishes clear responsibilities for the ship, for the company, and for the port facility. Each element supports the others. If one part fails, the entire system is weakened. Compliance with the ISPS code is not optional. It is a mandatory requirement under SOLAS. Failure to comply may result in detention, operational delays, and increased risk to the ship and crew. But more importantly, the purpose of the code is protection, protection of life, protection of ships, and protection of maritime trade. Understanding how the ISPS code works is the foundation of effective ship security. And security is not a condition; it is a continuous process.
